Hi Matt, All

I was also trying to integrate Matterhorn V1.2 with MS Active Directory. The only problem I am facing now is that I cannot get authenticated.

I used this page for configuration:
http://opencast.jira.com/wiki/display/MH/University+of+Saskatchewan+CAS+and+LDAP+integration

First of all, here is my LDAP configuration:

org.opencastproject.userdirectory.ldap.url.1=ldap://10.1.1.180
org.opencastproject.userdirectory.ldap.userDn.1=CN=matterhorn-ldap,OU=TEST,DC=REZA,DC=NET
org.opencastproject.userdirectory.ldap.password.1=P@ssw0rd
org.opencastproject.userdirectory.ldap.searchbase.1=dc= DC=REZA,DC=NET
org.opencastproject.userdirectory.ldap.searchfilter.1=(sAMAccountName={0})
org.opencastproject.userdirectory.ldap.cache.size.1=1000
org.opencastproject.userdirectory.ldap.cache.expiration.1=5
org.opencastproject.userdirectory.ldap.roleattributes.1=pager
org.opencastproject.userdirectory.ldap.org.1=mh_default_org
keys=org.opencastproject.userdirectory.ldap.url,org.opencastproject.userdirectory.ldap.searchbase,\
org.opencastproject.userdirectory.ldap.searchfilter,org.opencastproject.userdirectory.ldap.cache.size,\
org.opencastproject.userdirectory.ldap.cache.expiration,org.opencastproject.userdirectory.ldap.roleattributes,\
org.opencastproject.userdirectory.ldap.org,org.opencastproject.userdirectory.ldap.userDn,\
org.opencastproject.userdirectory.ldap.password

I have changed the search filter to sAMAccountName, which finds the Active Directory user. I put the ROLES in the pager attribute of the user temporarily. I'm not using LDAPS.

I used Wireshark at the LDAP server to see what's going on between Matterhorn and the LDAP server. When Matterhorn starts up, it authenticates itself against the AD using the matterhorn-ldap user and receives a Success message from AD. Authentication happens based on SIMPLE password authentication, and Matterhorn sends the password as a hash to AD for authentication.

I got these messages in the Matterhorn shell:

17:59:47 DEBUG (LdapUserProvider:130) - connecting to ldap
17:59:47 DEBUG (LdapUserProvider:133) - user dn is not null, loading from properties
17:59:48 DEBUG (LdapUserProvider:184) - org.opencastproject.userdirectory.ldap.LdapUserProvider.mh_default_org:type=LDAPRequests was not registered

I filled my user's pager attribute with this value: ROLE_ADMIN

After Matterhorn startup, when I enter my username and password, Matterhorn just shows the red message "Your login attempt was not successful, try again." I can see in Wireshark that it sent a search query looking for sAMAccountName=REZA, and looking for the pager attribute. The AD has replied with a single result and a pager attribute value of ROLE_ADMIN. After this, Matterhorn didn't send the password to the AD for authentication; instead it gave me an error for the login.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Matt Mencel
Sent: Wednesday, January 04, 2012 2:36 AM
To: [email protected]
Subject: [Matterhorn-users] LDAP and Matterhorn

Hi,

I'm having some trouble getting the LDAP integration working with Matterhorn. I've followed all the instructions here...
http://opencast.jira.com/wiki/display/MH/University+of+Saskatchewan+CAS+and+LDAP+integration

My CAS authentication is working because I changed the "demo.admin.user" in config.properties to my LDAP login that CAS sends over, and I can get into the Admin UI that way. No other accounts will work though, and I assume it's because Matterhorn is not able to look up the CAS authentication credentials to a user in LDAP and know what access to give?

With some assistance from the good people at U of Saskatchewan, I've enabled the logging for LDAP and CAS by adding these three entries to /opt/matterhorn/felix/conf/services/org.ops4j.pax.logging.properties...

log4j.logger.org.opencastproject.userdirectory.ldap=DEBUG
log4j.logger.org.springframework.security.cas=DEBUG
log4j.logger.org.springsource.org.opensaml=DEBUG

This gets me some good info where I can see the CAS stuff working, but logging for LDAP is still not helping me much. When I restart Matterhorn I see these entries in the opencast.log.

2012-01-03 16:09:11 DEBUG (LdapUserProvider:130) - connecting to ldap
2012-01-03 16:09:11 DEBUG (LdapUserProvider:133) - user dn is not null, loading from properties
2012-01-03 16:09:11 DEBUG (LdapUserProvider:184) - org.opencastproject.userdirectory.ldap.LdapUserProvider.wiu:type=LDAPRequests was not registered
2012-01-03 16:09:11 DEBUG (LdapUserProvider:130) - connecting to ldap
2012-01-03 16:09:11 DEBUG (LdapUserProvider:133) - user dn is not null, loading from properties
2012-01-03 16:09:11 DEBUG (LdapUserProvider:130) - connecting to ldap
2012-01-03 16:09:11 DEBUG (LdapUserProvider:133) - user dn is not null, loading from properties
2012-01-03 16:09:11 DEBUG (LdapUserProvider:130) - connecting to ldap
2012-01-03 16:09:11 DEBUG (LdapUserProvider:138) - user dn is null, anonymous
2012-01-03 16:09:11 DEBUG (LdapUserProvider:184) - org.opencastproject.userdirectory.ldap.LdapUserProvider.mh_default_org:type=LDAPRequests was not registered
2012-01-03 16:09:11 DEBUG (LdapUserProvider:130) - connecting to ldap
2012-01-03 16:09:11 DEBUG (LdapUserProvider:133) - user dn is not null, loading from properties
2012-01-03 16:09:11 DEBUG (LdapUserProvider:130) - connecting to ldap
2012-01-03 16:09:11 DEBUG (LdapUserProvider:138) - user dn is null, anonymous
2012-01-03 16:09:11 DEBUG (LdapUserProvider:130) - connecting to ldap
2012-01-03 16:09:11 DEBUG (LdapUserProvider:138) - user dn is null, anonymous
2012-01-03 16:09:11 DEBUG (LdapUserProvider:130) - connecting to ldap
2012-01-03 16:09:11 DEBUG (LdapUserProvider:133) - user dn is not null, loading from properties
2012-01-03 16:09:11 DEBUG (LdapUserProvider:130) - connecting to ldap
2012-01-03 16:09:11 DEBUG (LdapUserProvider:133) - user dn is not null, loading from properties
2012-01-03 16:09:11 DEBUG (LdapUserProvider:130) - connecting to ldap
2012-01-03 16:09:11 DEBUG (LdapUserProvider:138) - user dn is null, anonymous
2012-01-03 16:09:11 DEBUG (LdapUserProvider:130) - connecting to ldap
2012-01-03 16:09:11 DEBUG (LdapUserProvider:133) - user dn is not null, loading from properties
2012-01-03 16:09:11 DEBUG (LdapUserProvider:130) - connecting to ldap
2012-01-03 16:09:11 DEBUG (LdapUserProvider:138) - user dn is null, anonymous
2012-01-03 16:09:11 DEBUG (LdapUserProvider:130) - connecting to ldap
2012-01-03 16:09:11 DEBUG (LdapUserProvider:138) - user dn is null, anonymous
2012-01-03 16:09:11 DEBUG (LdapUserProvider:130) - connecting to ldap
2012-01-03 16:09:11 DEBUG (LdapUserProvider:138) - user dn is null, anonymous

Seems like every time I modify the conf/security/mh_default_org.xml file to test something.... I get more of these. Like it's adding to a config somewhere in Matterhorn but never clearing out old cached stuff?

Anyway.... I need a little assistance getting around this issue of LDAP not working for me.

Thanks,
Matt Mencel
Western Illinois University
_______________________________________________
Matterhorn-users mailing list
[email protected]
http://lists.opencastproject.org/mailman/listinfo/matterhorn-users
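Added example, not part of the thread above and not Matterhorn's or Spring Security's own code: a self-contained model of the search-then-bind login flow that an LDAP user provider of this kind performs, so the sequence Reza watched in Wireshark (service-account bind, search on sAMAccountName for the role attribute, then a second bind as the user) can be run and inspected offline. The directory is an in-memory stand-in for AD with constructed entries; the service account DN and password are the ones from the posted configuration, while the user entry, its password, and the search base "DC=REZA,DC=NET" (the post shows "dc= DC=REZA,DC=NET") are assumptions.

```python
"""
Model of the two-phase LDAP login: bind as the service account, search for
the user, bind again as the user's own DN with the typed password, then
read the role attribute.  Added illustration with an in-memory directory;
not Matterhorn or Spring Security code.  Entries below are constructed.
"""
import re
from dataclasses import dataclass

FILTER_TEMPLATE = "(sAMAccountName={0})"  # same shape as the posted searchfilter
SEARCH_BASE = "DC=REZA,DC=NET"            # assumed; the post shows "dc= DC=REZA,DC=NET"
ROLE_ATTRIBUTE = "pager"                  # roles parked in the pager attribute, as in the thread


def escape_filter_value(value):
    """RFC 4515 escaping for text substituted into {0}.  Without it a login name
    such as 'REZA)(objectClass=*' changes the meaning of the search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


@dataclass
class Entry:
    dn: str
    attrs: dict      # lowercase attribute name -> list of values
    password: str


class InMemoryDirectory:
    """Stand-in for the AD server: simple bind plus one equality-match search.
    self.log records what a capture on the server side would show."""

    _EQUALITY = re.compile(r"^\(([A-Za-z][\w-]*)=([^()*]*)\)$")

    def __init__(self, entries):
        self.entries = {e.dn.lower(): e for e in entries}
        self.log = []

    def simple_bind(self, dn, password):
        self.log.append("bindRequest " + dn)
        if password == "":
            # Unauthenticated simple bind (RFC 4513 section 5.1.2): many servers
            # answer success and grant anonymous access, which is why the client
            # must refuse an empty password before it ever reaches the wire.
            self.log.append("bindResponse success (anonymous)")
            return True
        e = self.entries.get(dn.lower())
        ok = e is not None and e.password == password
        self.log.append("bindResponse " + ("success" if ok else "invalidCredentials"))
        return ok

    def search(self, base, ldap_filter, wanted):
        m = self._EQUALITY.match(ldap_filter)
        if m is None:
            raise ValueError("malformed or unsupported filter: " + ldap_filter)
        attr, value = m.group(1).lower(), _unescape(m.group(2)).lower()
        self.log.append("searchRequest " + ldap_filter)
        hits = []
        for e in self.entries.values():
            in_scope = e.dn.lower().endswith(base.lower())
            if in_scope and value in [v.lower() for v in e.attrs.get(attr, [])]:
                hits.append((e.dn, {a: e.attrs.get(a.lower(), []) for a in wanted}))
        self.log.append("searchResEntry x%d" % len(hits))
        return hits


class LdapLogin:
    """Service bind -> search -> user bind -> roles.  The typed password is
    only ever sent in the second bind, and only if the search found one DN."""

    def __init__(self, directory, service_dn, service_password):
        self.dir = directory
        self.service_dn = service_dn
        self.service_password = service_password

    def authenticate(self, username, password):
        """Return the user's roles on success, None on any failure."""
        if password == "":
            return None                                   # see simple_bind
        if not self.dir.simple_bind(self.service_dn, self.service_password):
            return None                                   # service account broken
        ldap_filter = FILTER_TEMPLATE.format(escape_filter_value(username))
        hits = self.dir.search(SEARCH_BASE, ldap_filter, [ROLE_ATTRIBUTE])
        if len(hits) != 1:
            return None                                   # unknown or ambiguous user
        user_dn, attrs = hits[0]
        if not self.dir.simple_bind(user_dn, password):
            return None                                   # wrong password
        return attrs[ROLE_ATTRIBUTE]


DIRECTORY = InMemoryDirectory([
    Entry("CN=matterhorn-ldap,OU=TEST,DC=REZA,DC=NET",
          {"samaccountname": ["matterhorn-ldap"]}, "P@ssw0rd"),                     # from the post
    Entry("CN=Reza,OU=Users,DC=REZA,DC=NET",
          {"samaccountname": ["REZA"], "pager": ["ROLE_ADMIN"]}, "user-secret"),   # constructed
])
LOGIN = LdapLogin(DIRECTORY, "CN=matterhorn-ldap,OU=TEST,DC=REZA,DC=NET", "P@ssw0rd")


def login_roles(username, password):
    """One login attempt; returns the role list or None."""
    return LOGIN.authenticate(username, password)


def capture(username, password):
    """One login attempt; returns the server-side record of that attempt alone."""
    DIRECTORY.log.clear()
    LOGIN.authenticate(username, password)
    return list(DIRECTORY.log)


if __name__ == "__main__":
    for line in capture("REZA", "user-secret"):
        print(line)
    print("roles:", login_roles("REZA", "user-secret"))
```

Two things worth checking against a real capture: a failed attempt should show two bindRequests when the search found the user (the second one carrying the user's DN), and only one when it did not, since the user's password is never sent for an unknown or ambiguous account. Simple bind carries the credential as the cleartext value of the bind request, so on a plain ldap:// connection like the one configured above both the service account's and the user's passwords are readable at the server side; LDAPS or StartTLS is the usual remedy.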
